Apple adds basic anti-malware to Snow Leopard
New OS designed to sniff out a pair of Mac-specific Trojans
Computerworld - Apple has expanded a download warning feature in Mac OS X 10.5 to create rudimentary anti-malware detection in the new Snow Leopard operating system due out Friday, sources have confirmed.
Out of the box, Snow Leopard will be able to detect only two Trojan horses, although Apple will be able to push other signatures to users through the Mac operating system's Software Update service, those sources said.
The confirmation came after reports that Snow Leopard had taken its predecessor's File Quarantine feature a step further, and actually scans files downloaded by Safari, Mail or iChat for malicious code. Where Leopard only warned users that a file had been obtained from the Internet -- and thus was potentially dangerous -- Snow Leopard scans files for possible malware.
According to a screenshot posted Monday by Mac-only antivirus maker Intego, Snow Leopard sniffs out the malware, then puts up a warning that recommends users dump the downloaded file in the Trash rather than open it.
Neither of the two Trojans -- dubbed "RSPlug.a" and "Iservice" by Symantec -- that Snow Leopard currently detects is new. The former was first spotted in October 2007, while the latter debuted in January.
RSPlug made news in late 2007 when security researchers found the malware on numerous pornographic Web sites; if downloaded to a Mac, the Trojan changes the machine's DNS (Domain Name System) settings to redirect users to alternate or spoofed sites. Iservice, on the other hand, was spotted earlier this year piggybacking on pirated copies of iWork '09, Apple's productivity suite, by users who had downloaded the software from file-sharing sites.
Several researchers and bloggers, including Computerworld's Seth Weintraub, spotted a new .plist file in Snow Leopard that the OS uses to store malware signatures. That file, "XProtect.plist," has been tucked into the "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources" folder.
Future signature updates will presumably be added to the XProtect.plist file.
Because Apple regularly bashes Microsoft over the flood of Trojans, worms and viruses that target Windows -- most recently in a new television ad -- its admission that malware affects Macs is a setback, albeit small, to its marketing, said one analyst.
"If Apple includes anti-malware, weak or strong, it does undermine Apple's marketing message, but only slightly," said Ezra Gottheil, an analyst with Technology Business Research. "Apple doesn't claim that Macs cannot be successfully attacked; it claims that they are not often successfully attacked, and that is true. So if adding basic anti-malware software helps keep Macs relatively clean, given their lower [attack] profile, that helps Apple's primary message: Macs are less hassle."
Snow Leopard goes on sale Friday, and requires an Intel-based Mac. People upgrading from Leopard can purchase a $29 single-license, or a $49 five-license Family Pack. Users running Mac OS X 10.4, aka Tiger, must instead purchase the more expensive Box Set, which costs $169 for a single license and $229 for a five-license pack. The Box Set also includes the iLife '09 creativity bundle and the iWork '09 productivity suite.
Mac OS X Snow Leopard
- OS X Snow Leopard desertion rate accelerates after patches stop
- Apple signals end to OS X Snow Leopard support
- Apple sneaks Safari update into Snow Leopard
- OS X Snow Leopard stubbornly rejects retirement
- Snow Leopard users: Just try to pry this from my cold, dead hands
- Apple goes against grain, extends support for Snow Leopard
- Mac users left wondering if OS X Snow Leopard's retired
- Opinion: In depth with Apple's Snow Leopard Server
- Apple fixes data deletion bug in Snow Leopard, blocks Atom 'hackintoshes'
- Smackdown: Windows 7 takes on Apple's Snow Leopard
Read more about Mac OS X in Computerworld's Mac OS X Topic Center.
- Agility & Scalability for Oracle EBS R12 and RAC on VMware vSphere 5 This white paper outlines extensive performance and scalability testing of Oracle EBS applications on a Vblock™ Systems with vSphere 5.
- Oracle and VCE: The Next Step in Integrated Computing Platforms In this ESG Lab review you will learn how a VCE system driven by Oracle, delivers the perfect blend of high performance and...
- Migrate Oracle Apps from RISC/UNIX to Virtualized x86 Ready to move Oracle to a virtualized environment? This brief explains how true converged infrastructure can help you migrate from a RISC/UNIX environment...
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Mac OS X White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!